Date: Sun, 31 Dec 2000 20:44:27 -0700 From: Wes Peters <wes@softweyr.com> To: Warner Losh <imp@village.org> Cc: Will Andrews <will@physics.purdue.edu>, "Michael C . Wu" <keichii@peorth.iteration.net>, ports@FreeBSD.ORG, Robert Watson <rwatson@FreeBSD.ORG>, Kris Kennaway <kris@FreeBSD.ORG> Subject: Re: Package signing tools Message-ID: <3A4FFD1B.18BE3972@softweyr.com> References: <3A4F71E0.BDE17A50@softweyr.com> <3A4EE344.E9811F06@softweyr.com> <3A4ED1C0.14061CE5@softweyr.com> <20001231003920.A24519@peorth.iteration.net> <20001231014344.T305@argon.firepipe.net> <3A4EDE33.84C7072@softweyr.com> <20001231021610.V305@argon.firepipe.net> <200012310743.eBV7hNs09212@billy-club.village.org> <200012311837.eBVIbIs11612@billy-club.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Warner Losh wrote: > > In message <3A4F71E0.BDE17A50@softweyr.com> Wes Peters writes: > : No, I think it uses libzip. Yes, this could be used to sign any gzipped file. > : Hmmm... > > Signed security advisory patches on the web site :-) We already do > that with pgp, but we use detached certificates because the digest > format that pgp uses to sign fubar's the patch for nonpgp users. It would be nice to just stuff all the patch files into a package, sign it, stuff it on the ftp server, and call it good. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A4FFD1B.18BE3972>